CWE-22

RAVA certification validation system has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.

ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.

The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure.

Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.

Gravitee API Management before 3.15.13 allows path traversal through HTML injection.

A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.